Book Image

Building Enterprise JavaScript Applications

By : Daniel Li
Book Image

Building Enterprise JavaScript Applications

By: Daniel Li

Overview of this book

With the over-abundance of tools in the JavaScript ecosystem, it's easy to feel lost. Build tools, package managers, loaders, bundlers, linters, compilers, transpilers, typecheckers - how do you make sense of it all? In this book, we will build a simple API and React application from scratch. We begin by setting up our development environment using Git, yarn, Babel, and ESLint. Then, we will use Express, Elasticsearch and JSON Web Tokens (JWTs) to build a stateless API service. For the front-end, we will use React, Redux, and Webpack. A central theme in the book is maintaining code quality. As such, we will enforce a Test-Driven Development (TDD) process using Selenium, Cucumber, Mocha, Sinon, and Istanbul. As we progress through the book, the focus will shift towards automation and infrastructure. You will learn to work with Continuous Integration (CI) servers like Jenkins, deploying services inside Docker containers, and run them on Kubernetes. By following this book, you would gain the skills needed to build robust, production-ready applications.

Related Content you might be interested in

Current Title:

Small book image
Building Enterprise JavaScript Applications
Daniel Li
Sep, 2018 | 764 pages
Small book image
Windows Subsystem for Linux 2 (WSL 2) Tips, Tricks, and Techniques
Stuart Leeks
Oct, 2020 | 246 pages
Small book image
Git Essentials
Ferdinando Santacroce
Nov, 2017 | 238 pages
Table of Contents (26 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
Dedication
Dedication
Packt Upsell
Packt Upsell
Contributors
Contributors
Preface
Preface
Free Chapter
1
The Importance of Good Code
The Importance of Good Code
Technical debt
Test-Driven Development
Summary
2
The State of JavaScript
The State of JavaScript
Evolution of the web application
Benefits of Node.js
Summary
3
Managing Version History with Git
Managing Version History with Git
Setting up Git
Learning the basics
Branching and merging
Releasing code
Hotfixes
Working with others
Summary
4
Setting Up Development Tools
Setting Up Development Tools
What is Node.js?
Modules
Installing Node
Starting projects with npm
Using yarn instead of npm
Creating an HTTP server
Transpiling ES6 with Babel
Consolidating commands with npm scripts
Automating development using nodemon
Linting with ESLint
Committing our code into Git
Summary
5
Writing End-to-End Tests
Writing End-to-End Tests
Understanding different types of test
Following a TDD workflow
Gathering requirements
Setting Up E2E tests with Cucumber
Implementing step definitions
Validating data type
Migrating our API to Express
Moving common logic into middleware
Validating our payload
Testing the success scenario
Summary
6
Storing Data in Elasticsearch
Storing Data in Elasticsearch
Introduction to Elasticsearch
Installing Java and Elasticsearch
Understanding key concepts in Elasticsearch
Querying Elasticsearch from E2E tests
Indexing documents to Elasticsearch
Cleaning up after our tests
Summary
7
Modularizing Our Code
Modularizing Our Code
Modularizing our code
Adding a user profile
Summary
8
Writing Unit/Integration Tests
Writing Unit/Integration Tests
Picking a testing framework
Structuring our test files
Writing our first unit test
Completing our first unit test suite
Unit testing ValidationError
Unit testing middleware
Unit testing the request handler
Unit testing our engine
Integration testing our engine
Adding test coverage
Finishing up
Summary
9
Designing Our API
Designing Our API
What it means to be RESTful
Designing our API
Completing our API
Summary
10
Deploying Our Application on a VPS
Deploying Our Application on a VPS
Obtaining an IP address
Setting up a Virtual Private Server (VPS)
Running our API
Keeping our API alive with PM2
Running our API on port 80
Setting up NGINX
From IP to domain
Summary
11
Continuous Integration
Continuous Integration
Continuous Integration (CI)
Integrating with Travis CI
Continuous Integration with Jenkins
Summary
12
Security – Authentication and Authorization
Security – Authentication and Authorization
What is Authentication?
Introduction to password-based authentication
Implementing password-base authentication
Keeping users authenticated
Next steps
Summary
13
Documenting Our API
Documenting Our API
Overview of OpenAPI and Swagger
Defining an API specification with OpenAPI
Generating documentation with Swagger UI
Deployment
Summary
14
Creating UI with React
Creating UI with React
Picking a front-end framework/library
Getting started with React
Modularizing React
Summary
15
E2E Testing in React
E2E Testing in React
Testing strategies
Writing E2E tests with Gherkin, Cucumber, and Selenium
Routing with React Router
TDD
Over to you
Summary
16
Managing States with Redux
Managing States with Redux
State management tools
Converting to Redux
Summary
17
Migrating to Docker
Migrating to Docker
Problems with manual deployment
Introduction to Docker
Mechanics of Docker
Following best practices
Summary
18
Robust Infrastructure with Kubernetes
Robust Infrastructure with Kubernetes
High availability
High reliability
High throughput
High scalability
Clusters and microservices
Cluster management
Picking a cluster management tool
Control Planes and components
Kubernetes objects
Setting up the local development environment
Creating our cluster
Creating our first Pod
Understanding high-level Kubernetes objects
Declarative over imperative
Configuring Elasticsearch cluster
Deploying on cloud provider
Persisting data
Introducing PersistentVolume (PV)
Dynamic volume provisioning with StorageClass
Visualizing Kubernetes Objects using the Web UI Dashboard
Deploying the backend API
Creating a backend Service
Exposing services through Ingress
Summary
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Chapter 12. Security – Authentication and Authorization

So far in this book, we have developed a simple API that allows anonymous users to create, retrieve, modify, and delete users. This is insecure and impractical for any real-world applications. Therefore, in this chapter, we will begin to secure our API by implementing a rudimentary authentication and authorization layer on top of it. This will also give us a chance to practice the TDD process and work with the CI servers.

The purpose of this chapter is to show you how to implement a stateless authentication and authorization scheme using JSON Web Tokens (JWTs). Being stateless is extremely important to ensure the scalability of our application, something which we will discuss in Chapter 18, Robust Infrastructure with Kubernetes.

By the end of this chapter, our API will be more secure than its current state, but there'll still be a lot more steps we need to take to truly secure it. It'll be impossible to cover all security-related topics...

Previous Section
End of Section 1
Next Section